Google Patches Fifth Chrome Zero-Day This Year

Google has released a security update for Chrome to fix a high-severity zero-day vulnerability (CVE-2024-4671) exploited in attacks. This "use after free" flaw in the Visuals component could lead to data leakage, code execution, or crashes. The update (version 124.0.6367.201/.202) is rolling out to users over the next week. This is the fifth Chrome zero-day vulnerability fixed this year, following three others discovered during the March 2024 Pwn2Own hacking contest. Users can confirm they're running the latest version by going to Settings > About Chrome and relaunching the browser after the update finishes.

Black Basta Ransomware Breaches Over 500 Organizations Worldwide

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory warning that, between April 2022 and May 2024, Black Basta ransomware affiliates have breached over 500 organizations worldwide, including US healthcare entities, and encrypting and stealing data from at least 12 critical infrastructure sectors. Believed to be linked to the Conti cybercrime syndicate, Black Basta has targeted high-profile victims globally, with CISA and the FBI recommending mitigations such as keeping software up-to-date, requiring phishing-resistant multi-factor authentication, and securing remote access software. Healthcare organizations urged to take particular caution due to their attractiveness to cybercrime actors.

GhostStripe Attack Puts Self-Driving Cars at Risk

Researchers have discovered a potential security vulnerability in self-driving cars, dubbed the GhostStripe attack, which exploits camera-based computer vision systems, causing vehicles to ignore road signs. The technique uses LEDs to project patterns of light onto signs, manipulating camera sensors and preventing software from recognizing signs. Tested on a real road with a camera used in Baidu Apollo's hardware reference design, the attack achieved a 94% success rate without vehicle access and 97% with access. Countermeasures include replacing rolling shutter CMOS cameras, randomizing line scanning, or including the attack in AI training. This study highlights ongoing safety concerns in AI and autonomous vehicle development, joining other research demonstrating vulnerabilities to adversarial inputs.

Christie's Website Shut Down by Cyberattack Days Before $840M Art Auction

Christie's website has been offline since Thursday due to a "technology security issue," believed to be a cyberattack, just days before a planned $840 million art mega-auction. The auction house has confirmed the issue but assured that no customer data has been stolen. The website remains offline, with a temporary site in its place, and the auction will proceed as planned on Tuesday, but with in-person and phone bidding only. This incident comes less than a year after Christie's inadvertently leaked location data of high-end art owners. The company has since addressed that error, but another security slip-up raises concerns.